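/// <summary>
/// Checks that <c>Scrub()</c> alters a <c>Url</c> that holds an HTML element.
/// </summary>
/// <remarks>
/// The assertion only shows that the value changed; it does not show that the
/// result is free of markup. NOTE(review): once the contract of <c>Scrub()</c>
/// is known (strip vs. encode), assert on the exact expected output so that a
/// scrubber making an irrelevant change cannot pass this test.
/// </remarks>
public void DEmailWithHtmlUrl_WhenScrubbed_BecomesSafe()
{
    const string malicious = "<div>Hello, world!</div>";
    DEmail email = new DEmail { Url = malicious };

    email.Scrub();

    // Assert.AreNotEqual takes the value that must not appear first and the
    // actual value second, so a failure report labels the two correctly.
    Assert.AreNotEqual(malicious, email.Url, "Scrub() left the HTML payload in Url unchanged.");
}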
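/// <summary>
/// Checks that <c>Scrub()</c> alters a <c>Url</c> that holds an HTML element
/// followed by a SQL statement fragment.
/// </summary>
/// <remarks>
/// NOTE(review): the method name mentions only SQL, while the payload contains
/// both markup and SQL; confirm which case this test is meant to cover.
/// The assertion only shows that the value changed, not that the result is
/// harmless. Input scrubbing is also not a substitute for parameterized queries
/// at the data-access layer; that control needs its own test coverage.
/// </remarks>
public void DEmailWithSqlUrl_WhenScrubbed_BecomesSafe()
{
    const string malicious = "<div>Hello, world!</div>');DROP TABLE dbo.Users;--";
    DEmail email = new DEmail { Url = malicious };

    email.Scrub();

    // Assert.AreNotEqual takes the value that must not appear first and the
    // actual value second, so a failure report labels the two correctly.
    Assert.AreNotEqual(malicious, email.Url, "Scrub() left the HTML/SQL payload in Url unchanged.");
}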
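/// <summary>
/// Checks that <c>Scrub()</c> alters a <c>Url</c> that holds a SQL statement
/// fragment.
/// </summary>
/// <remarks>
/// NOTE(review): the method name mentions HTML and SQL, while the payload
/// contains no markup; confirm which case this test is meant to cover.
/// The assertion only shows that the value changed, not that the result is
/// harmless. Input scrubbing is also not a substitute for parameterized queries
/// at the data-access layer; that control needs its own test coverage.
/// </remarks>
public void DEmailWithHtmlAndSqlUrl_WhenScrubbed_BecomesSafe()
{
    const string malicious = "attribute');DROP TABLE dbo.Users;--";
    DEmail email = new DEmail { Url = malicious };

    email.Scrub();

    // Assert.AreNotEqual takes the value that must not appear first and the
    // actual value second, so a failure report labels the two correctly.
    Assert.AreNotEqual(malicious, email.Url, "Scrub() left the SQL payload in Url unchanged.");
}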